fix nginx merge conflicts

setup/so-functions

@@ -61,7 +61,7 @@ add_mngr_ip_to_hosts() {
 
 add_socore_user_manager() {
 	info "Adding socore user"
-	logCmd "so_add_user 'socore' '939' '939' '/opt/so'" 
+	logCmd "so_add_user socore 939 939 /opt/so" 
 }
 
 add_web_user() {
@@ -967,15 +967,15 @@ detect_os() {
 }
 
 download_elastic_agent_artifacts() {
-   #TODO - ISO
 
-   logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
-
-   logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
-
-   logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
-
-	}
+	if [[ $is_iso ]]; then
+		logCmd "tar -xf /nsm/elastic-fleet/artifacts/beats/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+	else
+		logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+		logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
+		logCmd "tar -xf /nsm/elastic-fleet/artifacts/beats/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+	fi
+}
 
 installer_progress_loop() {
 	local i=0
@@ -1948,9 +1948,11 @@ securityonion_repo() {
 			logCmd "dnf repolist all"
 		fi
 		if [[ $waitforstate ]]; then
-			# Build the repo locally so we can use it
-			echo "Syncing Repo"
-			repo_sync_local
+			if [[ ! $is_airgap ]]; then
+				# Build the repo locally so we can use it
+				echo "Syncing Repo"
+				repo_sync_local
+			fi
 		fi
 	fi
 }
@@ -2196,12 +2198,12 @@ setup_salt_master_dirs() {
 		logCmd "rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/"
 		logCmd "rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/"
 		logCmd "mkdir -p $local_salt_dir/salt/zeek/policy/intel"
-		logCmd "cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/"
+		logCmd "touch $local_salt_dir/salt/zeek/policy/intel/intel.dat"
 	else
 		logCmd "cp -Rv ../pillar/* $default_salt_dir/pillar/"
 		logCmd "cp -Rv ../salt/* $default_salt_dir/salt/"
 		logCmd "mkdir -p $local_salt_dir/salt/zeek/policy/intel"
-		logCmd "cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/"
+		logCmd "touch $local_salt_dir/salt/zeek/policy/intel/intel.dat"
 	fi
 
 	info "Chown the salt dirs on the manager for socore"
@@ -2295,8 +2297,8 @@ set_initial_firewall_access() {
 set_management_interface() {
 	title "Setting up the main interface"
 	if [ "$address_type" = 'DHCP' ]; then
-		logCmd "nmcli con mod '$MNIC' connection.autoconnect yes"
-		logCmd "nmcli con up '$MNIC'"
+		logCmd "nmcli con mod $MNIC connection.autoconnect yes"
+		logCmd "nmcli con up $MNIC"
 	else
 		# Set Static IP
 		nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -2331,8 +2333,8 @@ so_add_user() {
 	if [ "$5" ]; then local pass=$5; fi
 
 	info "Add $username user"
-	logCmd "groupadd --gid '$gid' '$username'"
-	logCmd "useradd -m --uid '$uid' --gid '$gid' --home-dir '$home_dir' '$username'"
+	logCmd "groupadd --gid $gid $username"
+	logCmd "useradd -m --uid $uid --gid $gid --home-dir $home_dir $username"
 
 	# If a password has been passed in, set the password
 	if [ "$pass" ]; then

setup/so-setup

@@ -335,45 +335,53 @@ process_installtype
 
 # If this is not an automated install prompt
 if ! [[ -f $install_opt_file ]]; then
-
-	# If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles.
+	# If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles
 	if [[ $is_eval ]]; then
+		# waitforstate means we will run the full salt state at the end. This is for only nodes running the salt-master service
 		waitforstate=true
-		#ubuntu_check
+		# Does this role have monitoring interfaces?
 		monints=true
+		# Prompt the user to accept the elastic license
 		check_elastic_license
+		# If it is an install from ISO is this airgap?
+		[[ $is_iso ]] && whiptail_airgap
+		# Make sure minimum requirements are met
 		check_requirements "manager"
+		# Do networking things
 		networking_needful
-		collect_net_method
+		# Do we need a proxy?
+		[[ ! $is_airgap ]] && collect_net_method
+		# Do we need to change the dockernet subnet?
 		collect_dockernet
-		if [[ $is_iso ]]; then
-			whiptail_airgap
-		fi
-		detect_cloud
+		# Are we in the clouds?
+		[[ ! $is_airgap ]] && detect_cloud
+		# Sets some minion info
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
 		check_network_manager_conf
 		set_network_dev_status_list
+		# What NIC for watching network traffic?
 		whiptail_sensor_nics
+		# How many cores do we have?
 		calculate_useable_cores
+		# What is the web user?
 		collect_webuser_inputs
+		# How are we accessing the UI?
 		get_redirect
+		# Does the user want to allow access to the UI?
 		collect_so_allow
 		whiptail_end_settings
 	elif [[ $is_standalone ]]; then
 		waitforstate=true
-		#ubuntu_check
 		monints=true
 		check_elastic_license
+		[[ $is_iso ]] && whiptail_airgap
 		check_requirements "manager"
 		networking_needful
-		collect_net_method
+		[[ ! $is_airgap ]] && collect_net_method
 		collect_dockernet
-		if [[ $is_iso ]]; then
-			whiptail_airgap
-		fi
-		detect_cloud
+		[[ ! $is_airgap ]] && detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -389,14 +397,12 @@ if ! [[ -f $install_opt_file ]]; then
 		check_elastic_license
 		waitforstate=true
 		#ubuntu_check
+		[[ $is_iso ]] && whiptail_airgap
 		check_requirements "manager"
 		networking_needful
-		collect_net_method
+		[[ ! $is_airgap ]] && collect_net_method
 		collect_dockernet
-		if [[ $is_iso ]]; then
-			whiptail_airgap
-		fi
-		detect_cloud
+		[[ ! $is_airgap ]] && detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -410,15 +416,12 @@ if ! [[ -f $install_opt_file ]]; then
 	elif [[ $is_managersearch ]]; then
 		check_elastic_license
 		waitforstate=true
-		#ubuntu_check
+		[[ $is_iso ]] && whiptail_airgap
 		check_requirements "manager"
 		networking_needful
-		collect_net_method
+		[[ ! $is_airgap ]] && collect_net_method
 		collect_dockernet
-		if [[ $is_iso ]]; then
-			whiptail_airgap
-		fi
-		detect_cloud
+		[[ ! $is_airgap ]] && detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -430,7 +433,6 @@ if ! [[ -f $install_opt_file ]]; then
 		collect_so_allow
 		whiptail_end_settings
 	elif [[ $is_sensor ]]; then
-		#ubuntu_check
 		installer_prereq_packages
 		monints=true
 		check_requirements "sensor"
@@ -459,7 +461,6 @@ if ! [[ -f $install_opt_file ]]; then
 		whiptail_end_settings
 
 	elif [[ $is_searchnode ]]; then
-		#ubuntu_check
 		installer_prereq_packages
 		check_requirements "elasticsearch"
 		networking_needful
@@ -473,7 +474,6 @@ if ! [[ -f $install_opt_file ]]; then
 		whiptail_end_settings
 
 	elif [[ $is_heavynode ]]; then
-		#ubuntu_check
 		installer_prereq_packages
 		monints=true
 		check_requirements "heavynode"
@@ -486,29 +486,26 @@ if ! [[ -f $install_opt_file ]]; then
 		whiptail_end_settings
 
 	elif [[ $is_idh ]]; then
-		#ubuntu_check
 		installer_prereq_packages
 		check_requirements "idh"
 		networking_needful
 		collect_mngr_hostname
 		add_mngr_ip_to_hosts
 		check_manager_connection
-		#collect_idh_services (this may be added back sometime in the future)
 		collect_idh_preferences
 		set_minion_info
 		whiptail_end_settings
 
 	elif [[ $is_import ]]; then
-		#ubuntu_check
 		waitforstate=true
 		monints=true
+		[[ $is_iso ]] && whiptail_airgap
 		check_elastic_license
 		check_requirements "import"
 		networking_needful
-		if [[ $is_iso ]]; then
-			whiptail_airgap
-		fi
-		detect_cloud
+		[[ ! $is_airgap ]] && detect_cloud
+		collect_dockernet
+		[[ ! $is_airgap ]] && collect_net_method
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -521,7 +518,6 @@ if ! [[ -f $install_opt_file ]]; then
 		whiptail_end_settings
 
 	elif [[ $is_receiver ]]; then
-		#ubuntu_check
 		installer_prereq_packages
 		check_requirements "receiver"
 		networking_needful

setup/so-verify

@@ -31,7 +31,7 @@ log_has_errors() {
 
     # Ignore Failed: 0 since that is the salt state output, and we detect state failures
     # via Result: False already.
-
+    
     grep -E "FAILED|Failed|failed|ERROR|Result: False" "$setup_log" | \
         grep -vE "The Salt Master has cached the public key for this node" | \
         grep -vE "Minion failed to authenticate with the master" | \